Advisories » MGASA-2017-0400

Updated tomcat packages fix security vulnerability

Publication date: 02 Nov 2017
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-12617

Description

When running with HTTP PUTs enabled (e.g. via setting the readonly
initialization parameter of the Default servlet to false) it was
possible to upload a JSP file to the server via a specially crafted
request. This JSP could then be requested and any code it contained
would be executed by the server (CVE-2017-12617).
                

References

SRPMS

5/core

6/core